ISO/IEC/IEEE 8802-1X:2013/Amd 2:2020
(Amendment) Information technology - Telecommunications and information exchange between systems - Local and metropolitan area networks - Part 1X: Port-based network access control - Amendment 2: YANG data model
Télécommunications et échange entre systèmes informatiques — Exigences pour les réseaux locaux et métropolitains — Partie 1X: Contrôle d'accès au réseau basé sur le port — Amendement 2: Modèle de données YANG
ISO/IEC/IEEE 8802-1X:2013/Amd 2:2020 is a standard published by the International Organization for Standardization (ISO). Its full title is "Information technology - Telecommunications and information exchange between systems - Local and metropolitan area networks - Part 1X: Port-based network access control - Amendment 2: YANG data model".
ISO/IEC/IEEE 8802-1X:2013/Amd 2:2020 is classified under the following ICS (International Classification for Standards) categories: 35.110 - Networking. The ICS classification helps identify the subject area and facilitates finding related standards.
ISO/IEC/IEEE 8802-1X:2013/Amd 2:2020 has the following relationships with other standards: it has inter-standard links to ISO/IEC/IEEE 8802-1X:2013 and ISO/IEC/IEEE 8802-1X:2021. Understanding these relationships helps ensure you are using the most current and applicable version of the standard.
Standards Content (Sample)
INTERNATIONAL STANDARD
ISO/IEC/IEEE 8802-1X
First edition 2013-12-01
AMENDMENT 2 2020-11
Telecommunications and exchange
between information technology
systems — Requirements for local and
metropolitan area networks —
Part 1X:
Port-based network access control
AMENDMENT 2: YANG data model
Télécommunications et échange entre systèmes informatiques —
Exigences pour les réseaux locaux et métropolitains —
Partie 1X: Contrôle d'accès au réseau basé sur le port
AMENDEMENT 2: Modèle de données YANG
Reference number
ISO/IEC/IEEE 8802-1X:2013/Amd.2:2020(E)
© IEEE 2018
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO or IEEE at the
respective address below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org

Institute of Electrical and Electronics Engineers, Inc
3 Park Avenue, New York
NY 10016-5997, USA
Email: stds.ipr@ieee.org
Website: www.ieee.org
Published in Switzerland
Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are
members of ISO or IEC participate in the development of International Standards through technical
committees established by the respective organization to deal with particular fields of technical activity.
ISO and IEC technical committees collaborate in fields of mutual interest. Other international
organizations, governmental and non‐governmental, in liaison with ISO and IEC, also take part in the
work.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the
different types of ISO documents should be noted (see www.iso.org/directives).
IEEE Standards documents are developed within the IEEE Societies and the Standards Coordinating
Committees of the IEEE Standards Association (IEEE‐SA) Standards Board. The IEEE develops its
standards through a consensus development process, approved by the American National Standards
Institute, which brings together volunteers representing varied viewpoints and interests to achieve the
final product. Volunteers are not necessarily members of the Institute and serve without compensation.
While the IEEE administers the process and establishes rules to promote fairness in the consensus
development process, the IEEE does not independently evaluate, test, or verify the accuracy of any of
the information contained in its standards.
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights.
Details of any patent rights identified during the development of the document will be in the
Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents) or the
IEC list of patent declarations received (see http://patents.iec.ch).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to the
World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT),
see www.iso.org/iso/foreword.html.
ISO/IEC/IEEE 8802‐1X:2013/Amd 2 was prepared by the LAN/MAN of the IEEE Computer Society (as
IEEE Std 802.1Xck‐2018) and drafted in accordance with its editorial rules. It was adopted, under the
“fast‐track procedure” defined in the Partner Standards Development Organization cooperation
agreement between ISO and IEEE, by Joint Technical Committee ISO/IEC JTC 1, Information technology,
Subcommittee SC 6, Telecommunications and information exchange between systems.
A list of all parts in the ISO/IEC/IEEE 8802 series can be found on the ISO website.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www.iso.org/members.html.
IEEE Std 802.1Xck™-2018
(Amendment to IEEE Std 802.1X™-2010
as amended by IEEE Std 802.1Xbx™-2014)
IEEE Standard for
Local and metropolitan area networks—
Port-Based Network Access Control
Amendment 2: YANG Data Model
Sponsor
LAN/MAN Standards Committee
of the
IEEE Computer Society
Approved 27 September 2018
IEEE-SA Standards Board
Abstract: The YANG data model specified in this amendment to IEEE Std 802.1X™-2010 allows
configuration and status reporting for port-based network access control, in the scenarios described
in Clause 7 of this standard and Clause 11 of IEEE Std 802.1AE™-2018, using the information
model previously specified in this standard.
Keywords: amendment, authorized port, confidentiality, data model, data origin authenticity,
IEEE 802.1X™, IEEE 802.1Xck™, information model, integrity, LANs, local area networks, MAC
Bridges, MAC security, MAC Service, MANs, metropolitan area networks, port-based network
access control, secure association, security, transparent bridging, YANG
The Institute of Electrical and Electronics Engineers, Inc.
3 Park Avenue, New York, NY 10016-5997, USA
All rights reserved. Published 21 December 2018. Printed in the United States of America.
IEEE and 802 are registered trademarks in the U.S. Patent & Trademark Office, owned by The Institute of Electrical and Electronics
Engineers, Incorporated.
PDF: ISBN 978-1-5044-5213-7 STD23338
Print: ISBN 978-1-5044-5214-4 STDPD23338
IEEE prohibits discrimination, harassment, and bullying.
For more information, visit http://www.ieee.org/web/aboutus/whatis/policies/p9-26.html.
No part of this publication may be reproduced in any form, in an electronic retrieval system or otherwise, without the prior written permission
of the publisher.
Important Notices and Disclaimers Concerning IEEE Standards Documents
IEEE documents are made available for use subject to important notices and legal disclaimers. These notices and
disclaimers, or a reference to this page, appear in all standards and may be found under the heading “Important Notices
and Disclaimers Concerning IEEE Standards Documents.” They can also be obtained on request from IEEE or viewed at
https://standards.ieee.org/ipr/disclaimers.html.
Notice and Disclaimer of Liability Concerning the Use of IEEE Standards
Documents
IEEE Standards documents (standards, recommended practices, and guides), both full-use and trial-use, are developed
within IEEE Societies and the Standards Coordinating Committees of the IEEE Standards Association (“IEEE-SA”)
Standards Board. IEEE (“the Institute”) develops its standards through a consensus development process, approved by
the American National Standards Institute (“ANSI”), which brings together volunteers representing varied viewpoints
and interests to achieve the final product. IEEE Standards are documents developed through scientific, academic, and
industry-based technical working groups. Volunteers in IEEE working groups are not necessarily members of the
Institute and participate without compensation from IEEE. While IEEE administers the process and establishes rules to
promote fairness in the consensus development process, IEEE does not independently evaluate, test, or verify the
accuracy of any of the information or the soundness of any judgments contained in its standards.
IEEE Standards do not guarantee or ensure safety, security, health, or environmental protection, or ensure against
interference with or from other devices or networks. Implementers and users of IEEE Standards documents are
responsible for determining and complying with all appropriate safety, security, environmental, health, and interference
protection practices and all applicable laws and regulations.
IEEE does not warrant or represent the accuracy or content of the material contained in its standards, and expressly
disclaims all warranties (express, implied and statutory) not included in this or any other document relating to the
standard, including, but not limited to, the warranties of: merchantability; fitness for a particular purpose;
non-infringement; and quality, accuracy, effectiveness, currency, or completeness of material. In addition, IEEE
disclaims any and all conditions relating to: results; and workmanlike effort. IEEE standards documents are supplied
“AS IS” and “WITH ALL FAULTS.”
Use of an IEEE standard is wholly voluntary. The existence of an IEEE standard does not imply that there are no other
ways to produce, test, measure, purchase, market, or provide other goods and services related to the scope of the IEEE
standard. Furthermore, the viewpoint expressed at the time a standard is approved and issued is subject to change
brought about through developments in the state of the art and comments received from users of the standard.
In publishing and making its standards available, IEEE is not suggesting or rendering professional or other services for,
or on behalf of, any person or entity nor is IEEE undertaking to perform any duty owed by any other person or entity to
another. Any person utilizing any IEEE Standards document, should rely upon his or her own independent judgment in
the exercise of reasonable care in any given circumstances or, as appropriate, seek the advice of a competent
professional in determining the appropriateness of a given IEEE standard.
IN NO EVENT SHALL IEEE BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO: PROCUREMENT OF
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
PUBLICATION, USE OF, OR RELIANCE UPON ANY STANDARD, EVEN IF ADVISED OF THE POSSIBILITY
OF SUCH DAMAGE AND REGARDLESS OF WHETHER SUCH DAMAGE WAS FORESEEABLE.
Translations
The IEEE consensus development process involves the review of documents in English only. In the event that an IEEE
standard is translated, only the English version published by IEEE should be considered the approved IEEE standard.
Official statements
A statement, written or oral, that is not processed in accordance with the IEEE-SA Standards Board Operations Manual
shall not be considered or inferred to be the official position of IEEE or any of its committees and shall not be considered
to be, or be relied upon as, a formal position of IEEE. At lectures, symposia, seminars, or educational courses, an
individual presenting information on IEEE standards shall make it clear that his or her views should be considered the
personal views of that individual rather than the formal position of IEEE.
Comments on standards
Comments for revision of IEEE Standards documents are welcome from any interested party, regardless of membership
affiliation with IEEE. However, IEEE does not provide consulting information or advice pertaining to IEEE Standards
documents. Suggestions for changes in documents should be in the form of a proposed change of text, together with
appropriate supporting comments. Since IEEE standards represent a consensus of concerned interests, it is important that
any responses to comments and questions also receive the concurrence of a balance of interests. For this reason, IEEE
and the members of its societies and Standards Coordinating Committees are not able to provide an instant response to
comments or questions except in those cases where the matter has previously been addressed. For the same reason, IEEE
does not respond to interpretation requests. Any person who would like to participate in revisions to an IEEE standard is
welcome to join the relevant IEEE working group.
Comments on standards should be submitted to the following address:
Secretary, IEEE-SA Standards Board
445 Hoes Lane
Piscataway, NJ 08854 USA
Laws and regulations
Users of IEEE Standards documents should consult all applicable laws and regulations. Compliance with the provisions
of any IEEE Standards document does not imply compliance to any applicable regulatory requirements. Implementers of
the standard are responsible for observing or referring to the applicable regulatory requirements. IEEE does not, by the
publication of its standards, intend to urge action that is not in compliance with applicable laws, and these documents
may not be construed as doing so.
Copyrights
IEEE draft and approved standards are copyrighted by IEEE under U.S. and international copyright laws. They are made
available by IEEE and are adopted for a wide variety of both public and private uses. These include both use, by
reference, in laws and regulations, and use in private self-regulation, standardization, and the promotion of engineering
practices and methods. By making these documents available for use and adoption by public authorities and private
users, IEEE does not waive any rights in copyright to the documents.
Photocopies
Subject to payment of the appropriate fee, IEEE will grant users a limited, non-exclusive license to photocopy portions
of any individual standard for company or organizational internal use or individual, non-commercial use only. To
arrange for payment of licensing fees, please contact Copyright Clearance Center, Customer Service, 222 Rosewood
Drive, Danvers, MA 01923 USA; +1 978 750 8400. Permission to photocopy portions of any individual standard for
educational classroom use can also be obtained through the Copyright Clearance Center.
Updating of IEEE Standards documents
Users of IEEE Standards documents should be aware that these documents may be superseded at any time by the
issuance of new editions or may be amended from time to time through the issuance of amendments, corrigenda, or
errata. A current IEEE document at any point in time consists of the current edition of the document together with any
amendments, corrigenda, or errata then in effect.
Every IEEE standard is subjected to review at least every ten years. When a document is more than ten years old and has
not undergone a revision process, it is reasonable to conclude that its contents, although still of some value, do not
wholly reflect the present state of the art. Users are cautioned to check to determine that they have the latest edition of
any IEEE standard.
In order to determine whether a given document is the current edition and whether it has been amended through the
issuance of amendments, corrigenda, or errata, visit IEEE Xplore at https://ieeexplore.ieee.org or contact IEEE at the
address listed previously. For more information about the IEEE-SA or IEEE’s standards development process, visit the
IEEE-SA Website at https://standards.ieee.org.
Errata
Errata, if any, for all IEEE standards can be accessed on the IEEE-SA Website at the following URL:
https://standards.ieee.org/findstds/errata/index.html. Users are encouraged to check this URL for errata periodically.
Patents
Attention is called to the possibility that implementation of this standard may require use of subject matter covered by
patent rights. By publication of this standard, no position is taken by the IEEE with respect to the existence or validity of
any patent rights in connection therewith. If a patent holder or patent applicant has filed a statement of assurance via an
Accepted Letter of Assurance, then the statement is listed on the IEEE-SA Website at
https://standards.ieee.org/about/sasb/patcom/patents.html. Letters of Assurance may indicate whether the Submitter is
willing or unwilling to grant licenses under patent rights without compensation or under reasonable rates, with
reasonable terms and conditions that are demonstrably free of any unfair discrimination to applicants desiring to obtain
such licenses.
Essential Patent Claims may exist for which a Letter of Assurance has not been received. The IEEE is not responsible for
identifying Essential Patent Claims for which a license may be required, for conducting inquiries into the legal validity
or scope of Patents Claims, or determining whether any licensing terms or conditions provided in connection with
submission of a Letter of Assurance, if any, or in any licensing agreements are reasonable or non-discriminatory. Users
of this standard are expressly advised that determination of the validity of any patent rights, and the risk of infringement
of such rights, is entirely their own responsibility. Further information may be obtained from the IEEE Standards
Association.
Participants
At the time this amendment was submitted to the IEEE-SA Standards Board for approval, the IEEE 802.1
Working Group had the following membership:
Glenn Parsons, Chair
John Messenger, Vice Chair
Marc Holness, Editor
Mick Seaman, Security Task Group Chair, Editor
SeoYoung Baek Patrick Heffernan Maximilian Riegel
Shenghua Bao Lu Huang Dan Romascanu
Jens Bierschenk Tony Jeffree Jessy V. Rouyer
Michael Johas Teener
Steinar Bjornstad Eero Ryytty
Christian Boiger Hal Keen Soheil Samii
Paul Bottorff Stephan Kehrer Behcet Sarikaya
David Chen Philippe Klein Frank Schewe
Jouni Korhonen
Feng Chen Johannes Specht
Weiying Cheng Yizhou Li Wilfried Steiner
Rodney Cummings Christophe Mangin Patricia Thaler
János Farkas Tom McBeath Paul Unbehagen
Norman Finn James McIntosh Hao Wang
Geoffrey Garner Tero Mustala Karl Weber
Eric W. Gray Hiroki Nakano Brian Weis
Bob Noseworthy
Craig Gunther Jordon Woods
Marina Gutierrez Donald R. Pannell Nader Zein
Stephen Haddock Walter Pienciak Helge Zinner
Mark Hantel Michael Potts Juan Carlos Zuniga
Karen Randall
The following members of the individual balloting committee voted on this amendment. Balloters may have
voted for approval, disapproval, or abstention.
Thomas Alexander Rita Horner Clinton Powell
Butch Anton Noriyuki Ikeuchi Karen Randall
Stefan Aust Osamu Ishida Alon Regev
Harry Bims Atsushi Ito Maximilian Riegel
David Black Raj Jain Robert Robinson
Sangkwon Jeong
Nancy Bravin Jessy V. Rouyer
Demetrio Bucaneg Piotr Karocki Frank Schewe
William Byrd Stuart Kerry Mick Seaman
Daniel Conte Evgeny Khorov Di Dieter Smely
Charles Cook Yongbum Kim Daniel Smith
Richard Doyle Hyeong Ho Lee Thomas Starai
Sourav Dutta James Lepp Walter Struppler
János Farkas Jon Lewis Mark-Rene Uchida
Michael Fischer Michael Lynch Dmitri Varsanofiev
Matthias Fritsche Elvis Maculuba George Vlantis
Yukihiro Fujimoto Richard Mellitz Hao Wang
Eric W. Gray Michael Montemurro Karl Weber
Randall Groves Rick Murphy Brian Weis
Stephen Haddock Michael Newman Andreas Wolf
Marco Hernandez Nick S. A. Nikjoo Chun Yu Charles Wong
David Hess Satoshi Obara Oren Yuen
Werner Hoelzl Bansi Patel Zhen Zhou
Michael Peters
When the IEEE-SA Standards Board approved this amendment on 27 September 2018, it had the following
membership:
Jean-Philippe Faure, Chair
Gary Hoffman, Vice Chair
John D. Kulick, Past Chair
Konstantinos Karachalios, Secretary
Ted Burse Xiaohui Liu Robby Robson
Guido R. Hiertz Kevin Lu Dorothy Stanley
Christel Hunter Mehmet Ulema
Daleep Mohla
Joseph L. Koepfinger* Andrew Myles Phil Wennblom
Philip Winston
Thomas Koshy Paul Nikolich
Ronald C. Petersen Howard Wolfman
Hung Ling
Jingyi Zhou
Dong Liu Annette D. Reilly
*Member Emeritus
Introduction
This introduction is not part of IEEE Std 802.1Xck-2018, IEEE Standard for Local and metropolitan area networks—
Port-Based Network Access Control—Amendment 2: YANG Data Model.
This second amendment to IEEE Std 802.1X™-2010 specifies a YANG data model that allows
configuration and status reporting for port-based network access control, in the scenarios described in
Clause 7 of this standard and Clause 11 of IEEE Std 802.1AE™-2018, using the information model
previously specified in this standard.
The first edition of IEEE Std 802.1X was published in 2001. The second edition, IEEE Std 802.1X-2004,
clarified areas related to mutual authentication and the interface between the IEEE 802.1X state machine
and state machines specified by the Extensible Authentication Protocol (EAP) and by IEEE Std 802.11™ in
support of IEEE Std 802.1X.
The third edition, IEEE Std 802.1X-2010, adds authenticated key agreement in support of IEEE 802.1AE™
MAC Security (MACsec) and clarifies and generalizes the relationship between the common architecture
specified for port-based network access control and the functional elements and protocols that support that
architecture as specified in IEEE Std 802.1X, other IEEE 802 standards, and IETF RFCs. Further changes
update the standard to reflect best current practice, insisting, for example, on mutual authentication methods
and using such methods in examples. A greater emphasis is placed on the security of systems accessing the
network, as well as on the security of the network accessed, and some prior provisions, with a more
comprehensive treatment of segregating and limiting connectivity to unauthenticated systems. Applications
of port-based network access that use MACsec and/or MACsec Key Agreement protocol (MKA) are
described.
Every effort was made to ensure that systems conformant to IEEE Std 802.1X-2010 will interoperate,
without prior configuration, with implementations conforming to IEEE Std 802.1X-2004 and
IEEE Std 802.1X-2001. However, it is anticipated that claims of conformance with respect to some existing
implementations, not needing to support IEEE Std 802.1AE and already conforming to best current practice
as of 2010, will continue to refer to IEEE Std 802.1X-2004. IEEE Std 802.1X-2010 includes a number of
improvements to the specification of the port access control protocol (PACP) state machines and their
relationship to EAP methods and state machines.
IEEE Std 802.1Xbx-2014 is the first amendment to IEEE Std 802.1X-2010. Its MKA extensions make
additional security and manageability capabilities possible based on the changes made by
IEEE Std 802.1AEbw™-2013 that added extended packet numbering Cipher Suites to
IEEE Std 802.1AE-2006. Secure connectivity association (CA) members can temporarily suspend MKA
operation without causing protocol timeouts that would disrupt secure data transfer; thus, in-service control
plane software can be upgraded.
Contents
1. Overview
1.3 Introduction
1.4 Provisions of this standard
2. Normative references
3. Definitions
5. Conformance
5.3 Conformant systems and system components
5.4 PAE requirements
5.10 MKA requirements
5.12 Virtual port requirements
5.23 Requirement for YANG data model of a PAE
5.24 Options for YANG data model of a PAE
6. Principles of port-based network access control operation
6.1 Port-based network access control architecture
6.2 Key hierarchy
6.3 Port Access Entity (PAE)
6.4 Port Access Controller (PAC)
7. Port-based network access control applications
7.5 Host access with MACsec and a multi-access LAN
8. Authentication using EAP
8.11 EAP methods
9. MACsec Key Agreement protocol (MKA)
9.2 Protocol support requirements
9.4 MKA transport
9.8 SAK generation, distribution, and selection
9.10 SAK installation and use
9.11 Connectivity change detection
11. EAPOL PDUs
11.1 EAPOL PDU transmission, addressing, and protocol identification
11.11 EAPOL-MKA
12. PAE operation
12.9 PAE management
13. PAE MIB
13.2 Structure of the MIB
13.4 Security considerations
13.5 Definitions for PAE MIB
14. YANG data model
14.1 PAE management using YANG
14.2 Security considerations
14.3 802.1X YANG model structure
14.4 Relationship to other YANG data models
14.5 Definition of the IEEE 802.1X YANG data model
14.6 YANG data model use in network access control applications
Annex A (normative) PICS proforma
A.5 Major capabilities and options
A.6 PAE requirements and options
A.9 MKA requirements and options
A.15 YANG requirements and options
Annex B (informative) Bibliography
Annex D
Annex E (informative) IEEE 802.1X EAP and RADIUS usage guidelines
E.1 EAP Session-Id
E.2 RADIUS Attributes for IEEE 802 Networks
Figures
Figure 11-9 Live Peer List and Potential Peer List parameter sets
Figure 12-3 PAE management information
Figure 14-1 YANG model structure
Figure 14-2 YANG object hierarchy with IEEE Std 802.1X
Figure 14-3 IETF System Management YANG data model
Figure 14-4 IETF Interface Management YANG data model
Figure 14-5 Explicit Interface Model of Bridge Port
Figure 14-6 Augmented Interface Mode of Bridge Port
Figure 14-7 Bridge Port with LAG Interface stack model
Figure 14-8 Bridge Port YANG Interface stack model with MACsec
Figure 14-9 Augmented Interface Model of Bridge Port with a PAE
Figure 14-10 YANG Interface Model with MACsec and virtual ports
Figure 14-11 Explicit Interface Model of Bridge Port LAG with MACsec on members
Figure 14-12 Augmented Interface Model of Bridge Port LAG with MACsec on members
Figure 14-13 IEEE 802.1X YANG model for host (7.1)
Figure 14-14 IEEE 802.1X YANG model for network access point (7.1)
Figure 14-15 IEEE 802.1X YANG model for network access point (7.3)
Tables
Table 11-1 EAPOL group address assignments
Table 11-7 MKPDU parameter sets
Table 13-4 PAE managed object cross-reference table
Table 14-1 PAE System cross-reference table
Table 14-2 PAE cross-reference table
IEEE Standard for
Local and metropolitan area networks—
Port-Based Network Access Control
Amendment 2: YANG Data Model
[This amendment is based on IEEE Std 802.1X™-2010 as amended by IEEE Std 802.1Xbx™-2014.]
NOTE—The editing instructions contained in this amendment define how to merge the material contained therein into
the existing base standard and its amendments to form the comprehensive standard.
The editing instructions are shown in bold italics. Four editing instructions are used: change, delete, insert, and replace.
Change is used to make corrections in existing text or tables. The editing instruction specifies the location of the change
and describes what is being changed by using strikethrough (to remove old material) and underscore (to add new
material). Delete removes existing material. Insert adds new material without disturbing the existing material. Deletions
and insertions may require renumbering. If so, renumbering instructions are given in the editing instruction. Replace is
used to make changes in figures or equations by removing the existing figure or equation and replacing it with a new
one. Editing instructions, change markings, and this note will not be carried over into future editions because the
changes will be incorporated into the base standard.
1. Overview
1.3 Introduction
Change the fourth paragraph of 1.3 as follows:
Use of the Controlled Port can be restricted by access controls bound to the results of authentication and
distributed via AAA protocols such as Diameter (IETF RFC 6733 [B26]) or RADIUS (IETF RFC 2865
[B5]). Attributes supporting certain port-based network access control scenarios are described in
IETF RFC 3580 [B13], IETF RFC 4675 [B17], and IETF RFC 4849 [B18], and IETF RFC 7268 [B28].
Notes in text, tables, and figures are given for information only and do not contain requirements needed to implement the standard.
The numbers in brackets preceded by the letter B correspond to the numbers in the bibliography in Annex B.
1.4 Provisions of this standard
Change 1.4 as follows:
The scope (1.1) of this standard is addressed by detailed specification of the following:
a) The principles of port-based network access control operation, identifying the protocol components
that compose a port-based network access control implementation (Clause 6).
b) A PAE component, that supports authentication, authorization, and the key agreement functionality
required by IEEE Std 802.1AE to allow a MAC Security Entity (SecY) to protect communication
through a port (6.3, Clause 12).
c) A Port Access Controller (PAC) component, that controls communication where the attached LAN
is deemed to be physically secure and provides point-to-point connectivity (6.4).
d) The key hierarchy used by the PAE and SecY (6.2).
e) The use of EAP by PAEs to support authentication and authorization using a centrally administered
Authentication or AAA Server (Clause 8).
f) An encapsulation format, EAPOL, that allows EAP Messages and other protocol exchanges to
support authentication and key agreement to be carried directly by a LAN MAC service (Clause 11).
g) A MAC Security Key Agreement protocol (MKA) that the PAE uses to discover associations and
agree the keys used by a SecY (Clause 9).
h) An EAPOL Announcement protocol that allows a PAE to indicate the availability of network
services, helping other PAEs to choose appropriate credentials and parameters for authentication and
network access (Clause 10).
i) Requirements for management of port-based access control, identifying the managed objects and
defining the management operations for PAEs (12.9).
j) SMIv2 MIB objects that can be used with SNMPv3 to manage PAEs (Clause 13).
k) YANG configuration and operational state models for PAE and PAE System components
(Clause 14).
The use of port-based network access control in a number of applications is described (Clause 7) to illustrate
the use of these components and the requirements taken into account in their specification. To facilitate
migration to this standard, Annex F (informative) uses the same concepts to describe the architectural
modeling of unsecured multi-access LANs, a widely deployed form of authenticated port-based network
access control that does not meet the security requirements of this standard. Administrative connectivity to
unauthenticated devices, as required for use of industry standard ‘Wake-on-LAN’ (WoL) protocols, is
described for the scenarios of Clause 7; Annex E (informative) provides background information on WoL.
This standard defines conformance requirements (Clause 5) for the implementation of the following:
l) Port Access Entities (PAEs)
m) Port Access Controllers (PACs)
Annex A provides PICS (Protocol Implementation Conformance Statement) Proformas for completion by
suppliers of implementations that are claimed to conform to this standard.
The basic architectural concepts, such as ‘port’, on which this standard relies are reviewed
in IEEE Std 802.1AC Annex D.
This standard uses and selects options provided by EAP and AAA protocol specifications, but does not
modify those specifications (see Clause 2 for references). Annex D (informative) provides EAP and
RADIUS usage guidelines.
The specification and conformance requirements for association discovery and key agreement for
IEEE 802.11 Wireless LANs are outside the scope of this standard (see IEEE Std 802.11). That standard
makes use of the PAE specified by this standard.
2. Normative references
Change the list of normative references in Clause 2 as follows:
iana-if-type YANG module, Internet Assigned Numbers Authority.
IEEE Std 802®, IEEE Standard for Local and Metropolitan Area Networks: Overview and Architecture.
IEEE Std 802.1D™, IEEE Standard for Local and Metropolitan Area Networks: Media access control
(MAC) Bridges.
IEEE Std 802d™, IEEE Standard for Local and Metropolitan Area Networks: Overview and Architecture
Amendment 1: Allocation of Uniform Resource Name (URN) Values in IEEE 802 Standards.
IEEE Std 802.1Q™, IEEE Standard for Local and Metropolitan Area Networks: Bridges and Bridged
Networks.
IEEE Std 802.1AB™, IEEE Standard for Local and Metropolitan Area Networks: Station and Media Access
Control Connectivity and Discovery.
IEEE Std 802.1AC™, IEEE Standard for Local and metropolitan area networks—Media Access Control
(MAC) Service Definition.
IEEE Std 802.1AE™, IEEE Standard for Local and Metropolitan Area Networks: Media Access Control
(MAC) Security.
IEEE Std 802.1AE™-2006, IEEE Standard for Local and Metropolitan Area Networks: Media Access
Control (MAC) Security.
IEEE Std 802.1AEbn™-2011, IEEE Standard for Local and Metropolitan Area Network—Media Access
Control (MAC) Security—Amendment 1: Galois Counter Mode–Advanced Encryption Standard–256
(GCM-AES-256) Cipher Suite.
IEEE Std 802.1AEbw™-2013, IEEE Standard for Local and Metropolitan Area Networks: Media Access
Control (MAC) Security—Amendment 2: Extended Packet Numbering.
IEEE Std 802.1AEcg™, IEEE Standard for Local and Metropolitan Area Networks: Media Access Control
(MAC) Security—Amendment 3: Ethernet Data Encryption devices.
IEEE Std 802.1AX™, IEEE Standard for Local and Metropolitan Area Networks: Link Aggregation.
IEEE Std 802.2™, 1998 Edition [ISO/IEC 8802-2: 1998], Information technology—Telecommunications
and information exchange between systems—Local and metropolitan area networks—Specific
requirements—Part 2: Logical link control.
IEEE Std 802.3™, IEEE Standard for Ethernet.
IEEE Std 802.11™, IEEE Standard for Information technology—Telecommunications and information
exchange between systems—Local and metropolitan area networks—Specific requirements—Part 11:
Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) specifications.
https://www.iana.org/assignments/iana-if-type/iana-if-type.xhtml.
IEEE publications are available from The Institute of Electrical and Electronics Engineers (https://www.standards.ieee.org).
The IEEE standards or products referred to in this clause are trademarks of The Institute of Electrical and Electronics Engineers, Inc.
IEEE Std 802.17™-2004 IEEE Standard for Information Technology—Telecommunications and
information exchange between systems—Local and metropolitan area networks—Specific requirements—
Part 17: Resilient packet ring (RPR) access method and physical layer specifications.
IEEE Std 802.1AR™, IEEE Standard for Local and Metropolitan Area Networks: Secure Device Identifier.
IETF RFC 2578, STD 58, Structure of Management Information for Version 2 of the Simple Network
Management Protocol (SNMPv2), McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., Rose, M., and
Waldbusser, S., April 1999.
IETF RFC 2579, STD 58, Textual Conventions for Version 2 of the Simple Network Management Protocol
(SNMPv2), McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., Rose, M., and Waldbusser, S.,
April 1999.
IETF RFC 2580, STD 58, Conformance Statements for SMIv2, McCloghrie, K., Perkins, D.,
Schoenwaelder, J., Case, J., Rose, M., and Waldbusser, S., April 1999.
IETF RFC 2863, The Interfaces Group MIB using SMIv2, McCloghrie, K., and Kastenholz, F., June 2000.
IETF RFC 3394, Advanced Encryption Standard (AES) Key Wrap Algorithm, Schaad, J., and Housley, R.,
September 2002.
IETF RFC 3629, STD 63, UTF-8, a
...







